diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:33 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:57 +0000 |
commit | 9ff36293d1e428cd7bf03e8d4b03611b6d361c28 (patch) | |
tree | 1ab51a42b868c55b83f6ccdb80371b9888739dd9 /pkgs/tools/misc/grub | |
parent | 1c4fcd0d4b0541e674ee56ace1053e23e562cc80 (diff) | |
parent | ddc3c396a51918043bb0faa6f676abd9562be62c (diff) | |
download | nixpkgs-archive.tar nixpkgs-archive.tar.gz nixpkgs-archive.tar.bz2 nixpkgs-archive.tar.lz nixpkgs-archive.tar.xz nixpkgs-archive.tar.zst nixpkgs-archive.zip |
Last good Nixpkgs for Weston+nouveau? archive
I came this commit hash to terwiz[m] on IRC, who is trying to figure out what the last version of Spectrum that worked on their NUC with Nvidia graphics is.
Diffstat (limited to 'pkgs/tools/misc/grub')
-rw-r--r-- | pkgs/tools/misc/grub/2.0x.nix | 187 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/buggybios.patch | 11 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/default.nix | 40 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/fix-bash-completion.patch | 24 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/grub1.patches.nix | 34 | ||||
-rwxr-xr-x | pkgs/tools/misc/grub/grub1.patches.sh | 70 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/pvgrub_image/configs/grub-bootstrap.cfg | 1 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/pvgrub_image/configs/grub.cfg | 10 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/pvgrub_image/default.nix | 42 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/symlink.patch | 37 | ||||
-rw-r--r-- | pkgs/tools/misc/grub/trusted.nix | 109 |
11 files changed, 565 insertions, 0 deletions
diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix new file mode 100644 index 00000000000..745689e312f --- /dev/null +++ b/pkgs/tools/misc/grub/2.0x.nix @@ -0,0 +1,187 @@ +{ lib, stdenv, fetchurl, flex, bison, python3, autoreconfHook, gnulib, libtool, bash +, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkg-config +, buildPackages +, fetchpatch +, pkgsBuildBuild +, nixosTests +, fuse # only needed for grub-mount +, runtimeShell +, zfs ? null +, efiSupport ? false +, zfsSupport ? false +, xenSupport ? false +, kbdcompSupport ? false, ckbcomp +}: + +with lib; +let + pcSystems = { + i686-linux.target = "i386"; + x86_64-linux.target = "i386"; + }; + + efiSystemsBuild = { + i686-linux.target = "i386"; + x86_64-linux.target = "x86_64"; + armv7l-linux.target = "arm"; + aarch64-linux.target = "aarch64"; + }; + + # For aarch64, we need to use '--target=aarch64-efi' when building, + # but '--target=arm64-efi' when installing. Insanity! + efiSystemsInstall = { + i686-linux.target = "i386"; + x86_64-linux.target = "x86_64"; + armv7l-linux.target = "arm"; + aarch64-linux.target = "arm64"; + }; + + canEfi = any (system: stdenv.hostPlatform.system == system) (mapAttrsToList (name: _: name) efiSystemsBuild); + inPCSystems = any (system: stdenv.hostPlatform.system == system) (mapAttrsToList (name: _: name) pcSystems); + + version = "2.06"; + +in ( + +assert efiSupport -> canEfi; +assert zfsSupport -> zfs != null; +assert !(efiSupport && xenSupport); + +stdenv.mkDerivation rec { + pname = "grub"; + inherit version; + + src = fetchurl { + url = "mirror://gnu/grub/grub-${version}.tar.xz"; + sha256 = "sha256-t56kSvkbk9F80/6Ava5u1DdwZ4qaWuGSzOqAPrtlfuE="; + }; + + patches = [ + ./fix-bash-completion.patch + (fetchpatch { + name = "Add-hidden-menu-entries.patch"; + # https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00089.html + url = "https://marc.info/?l=grub-devel&m=146193404929072&q=mbox"; + sha256 = "00wa1q5adiass6i0x7p98vynj9vsz1w0gn1g4dgz89v35mpyw2bi"; + }) + + # Pull upstream patch to fix linkage against binutils-2.36. + (fetchpatch { + name = "binutils-2.36"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701"; + sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82"; + }) + ]; + + postPatch = if kbdcompSupport then '' + sed -i util/grub-kbdcomp.in -e 's@\bckbcomp\b@${ckbcomp}/bin/ckbcomp@' + '' else '' + echo '#! ${runtimeShell}' > util/grub-kbdcomp.in + echo 'echo "Compile grub2 with { kbdcompSupport = true; } to enable support for this command."' >> util/grub-kbdcomp.in + ''; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ bison flex python3 pkg-config gettext freetype autoreconfHook ]; + buildInputs = [ ncurses libusb-compat-0_1 freetype lvm2 fuse libtool bash ] + ++ optional doCheck qemu + ++ optional zfsSupport zfs; + + strictDeps = true; + + hardeningDisable = [ "all" ]; + + # Work around a bug in the generated flex lexer (upstream flex bug?) + NIX_CFLAGS_COMPILE = "-Wno-error"; + + preConfigure = + '' for i in "tests/util/"*.in + do + sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g' + done + + # Apparently, the QEMU executable is no longer called + # `qemu-system-i386', even on i386. + # + # In addition, use `-nodefaults' to avoid errors like: + # + # chardev: opening backend "stdio" failed + # qemu: could not open serial device 'stdio': Invalid argument + # + # See <http://www.mail-archive.com/qemu-devel@nongnu.org/msg22775.html>. + sed -i "tests/util/grub-shell.in" \ + -e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g' + + unset CPP # setting CPP intereferes with dependency calculation + + patchShebangs . + + substituteInPlace ./configure --replace '/usr/share/fonts/unifont' '${unifont}/share/fonts' + ''; + + configureFlags = [ + "--enable-grub-mount" # dep of os-prober + ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + # grub doesn't do cross-compilation as usual and tries to use unprefixed + # tools to target the host. Provide toolchain information explicitly for + # cross builds. + # + # Ref: # https://github.com/buildroot/buildroot/blob/master/boot/grub2/grub2.mk#L108 + "TARGET_CC=${stdenv.cc.targetPrefix}cc" + "TARGET_NM=${stdenv.cc.targetPrefix}nm" + "TARGET_OBJCOPY=${stdenv.cc.targetPrefix}objcopy" + "TARGET_RANLIB=${stdenv.cc.targetPrefix}ranlib" + "TARGET_STRIP=${stdenv.cc.targetPrefix}strip" + ] ++ optional zfsSupport "--enable-libzfs" + ++ optionals efiSupport [ "--with-platform=efi" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}" "--program-prefix=" ] + ++ optionals xenSupport [ "--with-platform=xen" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}"]; + + # save target that grub is compiled for + grubTarget = if efiSupport + then "${efiSystemsInstall.${stdenv.hostPlatform.system}.target}-efi" + else if inPCSystems + then "${pcSystems.${stdenv.hostPlatform.system}.target}-pc" + else ""; + + doCheck = false; + enableParallelBuilding = true; + + postInstall = '' + # Avoid a runtime reference to gcc + sed -i $out/lib/grub/*/modinfo.sh -e "/grub_target_cppflags=/ s|'.*'|' '|" + # just adding bash to buildInputs wasn't enough to fix the shebang + substituteInPlace $out/lib/grub/*/modinfo.sh \ + --replace ${buildPackages.bash} "/usr/bin/bash" + ''; + + passthru.tests = { + nixos-grub = nixosTests.grub; + nixos-install-simple = nixosTests.installer.simple; + nixos-install-grub1 = nixosTests.installer.grub1; + nixos-install-grub-uefi = nixosTests.installer.simpleUefiGrub; + nixos-install-grub-uefi-spec = nixosTests.installer.simpleUefiGrubSpecialisation; + }; + + meta = with lib; { + description = "GNU GRUB, the Grand Unified Boot Loader (2.x beta)"; + + longDescription = + '' GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand + Unified Bootloader, which was originally designed and implemented by + Erich Stefan Boleyn. + + Briefly, the boot loader is the first software program that runs when a + computer starts. It is responsible for loading and transferring + control to the operating system kernel software (such as the Hurd or + the Linux). The kernel, in turn, initializes the rest of the + operating system (e.g., GNU). + ''; + + homepage = "https://www.gnu.org/software/grub/"; + + license = licenses.gpl3Plus; + + platforms = platforms.gnu ++ platforms.linux; + + maintainers = [ maintainers.samueldr ]; + }; +}) diff --git a/pkgs/tools/misc/grub/buggybios.patch b/pkgs/tools/misc/grub/buggybios.patch new file mode 100644 index 00000000000..1453a8adaa0 --- /dev/null +++ b/pkgs/tools/misc/grub/buggybios.patch @@ -0,0 +1,11 @@ +Taken from: http://savannah.gnu.org/bugs/?func=detailitem&item_id=10433 +--- grub-0.95.orig/stage2/bios.c 2004-03-27 17:34:04.000000000 +0100 ++++ grub-0.95/stage2/bios.c 2005-03-02 01:02:29.192582200 +0100 +@@ -147,6 +147,7 @@ + grub_memset (&cdrp, 0, sizeof (cdrp)); + cdrp.size = sizeof (cdrp) - sizeof (cdrp.dummy); + err = biosdisk_int13_extensions (0x4B01, drive, &cdrp); ++ err = 0; /* really ugly hack to circumvent faulty BIOS versions like Acer 292LMi */ + if (! err && cdrp.drive_no == drive) + { + if ((cdrp.media_type & 0x0F) == 0) diff --git a/pkgs/tools/misc/grub/default.nix b/pkgs/tools/misc/grub/default.nix new file mode 100644 index 00000000000..bf66a467620 --- /dev/null +++ b/pkgs/tools/misc/grub/default.nix @@ -0,0 +1,40 @@ +{ lib, stdenv, fetchurl, autoreconfHook, texinfo, buggyBiosCDSupport ? true }: + +stdenv.mkDerivation rec { + pname = "grub"; + version = "0.97-73"; + + src = fetchurl { + url = "https://alpha.gnu.org/gnu/grub/grub-${lib.versions.majorMinor version}.tar.gz"; + sha256 = "02r6b52r0nsp6ryqfiqchnl7r1d9smm80sqx24494gmx5p8ia7af"; + }; + + patches = [ + # Properly handle the case of symlinks such as + # /dev/disk/by-label/bla. The symlink resolution code in + # grub-install isn't smart enough. + ./symlink.patch + ] + ++ (lib.optional buggyBiosCDSupport ./buggybios.patch) + ++ map fetchurl (import ./grub1.patches.nix) + ; + + preConfigure = '' + substituteInPlace ./configure.ac --replace 'AC_PREREQ(2.61)' 'AC_PREREQ(2.64)' + ''; + + # autoreconfHook required for the splashimage patch. + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ texinfo ]; + + hardeningDisable = [ "format" "stackprotector" ]; + + passthru.grubTarget = ""; + + meta = with lib; { + homepage = "https://www.gnu.org/software/grub"; + description = "GRand Unified Bootloader"; + license = licenses.gpl2; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/misc/grub/fix-bash-completion.patch b/pkgs/tools/misc/grub/fix-bash-completion.patch new file mode 100644 index 00000000000..97cecdce373 --- /dev/null +++ b/pkgs/tools/misc/grub/fix-bash-completion.patch @@ -0,0 +1,24 @@ +diff -ubr grub-2.00-orig/util/bash-completion.d/grub-completion.bash.in grub-2.00/util/bash-completion.d/grub-completion.bash.in +--- grub-2.00-orig/util/bash-completion.d/grub-completion.bash.in 2012-10-16 19:02:36.342733957 +0200 ++++ grub-2.00/util/bash-completion.d/grub-completion.bash.in 2012-10-16 19:04:48.262733941 +0200 +@@ -17,6 +17,12 @@ + # along with GRUB. If not, see <http://www.gnu.org/licenses/>. + # bash completion for grub + ++have() ++{ ++ unset -v have ++ _have $1 && have=yes ++} ++ + __grub_dir() { + local i c=1 boot_dir + +@@ -479,6 +485,7 @@ + have ${__grub_script_check_program} && \ + complete -F _grub_script_check -o filenames ${__grub_script_check_program} + ++unset -f have + + # Local variables: + # mode: shell-script diff --git a/pkgs/tools/misc/grub/grub1.patches.nix b/pkgs/tools/misc/grub/grub1.patches.nix new file mode 100644 index 00000000000..5ee8722b5ec --- /dev/null +++ b/pkgs/tools/misc/grub/grub1.patches.nix @@ -0,0 +1,34 @@ +# Generated by grub1-patches.sh +let + prefix = "https://salsa.debian.org/grub-team/grub-legacy/raw/1dad5507d74ef97fdd3c6cf2a028084f6f2850c3/debian/patches"; +in +[ +{ url = "${prefix}/snapshot.patch"; sha256 = "0ixymrn5w1dq0kkxnzdjwwvhjchgyrlivfvnrfncxcv30v84xzna"; } +{ url = "${prefix}/menu.lst_gnu-hurd.patch"; sha256 = "0mz8dvgmxlyrl28dza1ncfq1xipihxgymw4aw688bgg7xxmw7jbs"; } +{ url = "${prefix}/graphics.patch"; sha256 = "1v9kp832f3rhncfdrd28djhw0zfrznfmiadch33mclnkcxprcqcs"; } +{ url = "${prefix}/raid.patch"; sha256 = "0cq6dz5s7m48g76frvbf296bv4pvqkxqcbydsvs43ymqdsary7hj"; } +{ url = "${prefix}/raid_cciss.patch"; sha256 = "0sy5xvzjsllgbn26nykkq4b69lp1fcwjkjs2kmxq38sk3dzadjfl"; } +{ url = "${prefix}/xfs_freeze.patch"; sha256 = "1wqgj8ar4x4zwa37bj4a7kldiz5v92msigy3cv879nnk6sz4rmhg"; } +{ url = "${prefix}/2gb_limit.patch"; sha256 = "06f9lfl4va3alz87wzli0df5ay0xxlqj2akr2dcay6jr27z6ks29"; } +{ url = "${prefix}/grub-special_device_names.patch"; sha256 = "098608xh20sqdjqf42fm2z23r8xd9ify1v0vmy1j9qhrhk3g9qyz"; } +{ url = "${prefix}/grub-xvd_drives.patch"; sha256 = "13k0m1c1w5d1d4qd1bshjc8kp7qba4agk2j64gb7mg8vfzjd35bj"; } +{ url = "${prefix}/initrd_max_address.patch"; sha256 = "05q90rxdnyncpanhbkrknshkk7g8ff4v8fpk7wj4sg8666d9llg3"; } +{ url = "${prefix}/splashimage_help.patch"; sha256 = "1lj3xh56wf1pdcf0fg585vmggrz7qqfzbhg91qv0rf4snf3ybfvr"; } +{ url = "${prefix}/grub-install_addsyncs.patch"; sha256 = "1dzcpxi806kw3j8mx4amyy4ibc0ir3qhqyyyxz3w43741p351r65"; } +{ url = "${prefix}/grub-install_regexp.patch"; sha256 = "0ph9lb63x858019c25aa3fpsm8rzn00ad8fp88yqqvq0xq2jxq69"; } +{ url = "${prefix}/grub-install_aoe_support.patch"; sha256 = "19szmvg13h2hhijrwbgdszldg26iz7vjnagvajxb7nav7vca6k3n"; } +{ url = "${prefix}/grub-install_xvd.patch"; sha256 = "1cgh731nhs0chj2r2dzh5dcfj5xmap34i3fk0i0aq59j83cwflgz"; } +{ url = "${prefix}/geometry-26kernel.patch"; sha256 = "01vka7jrxrwlj9m1d6schygyh964a3k1rdrm3j9x910xkz74i13n"; } +{ url = "${prefix}/print_func.patch"; sha256 = "0dvrcy1i58fgrv2x1qniqfr5az9b834hm5l94k0cy8ii2nfvk27g"; } +{ url = "${prefix}/mprotect.patch"; sha256 = "0ahgnhgw2b86j024ajs6m3h2fy2shqdssjzz0ahk8ny9f4mnvns6"; } +{ url = "${prefix}/savedefault.patch"; sha256 = "1l6x1s9mxkrf3k4j9dpg7qhvrk816vs70sw073iiisvqspnrz2j3"; } +{ url = "${prefix}/find-grub-dir.patch"; sha256 = "1vkgig4dylji03jflwikhap87lz8l470ck1bhmcy8jh0slg6ndbf"; } +{ url = "${prefix}/intelmac.patch"; sha256 = "04l9mk9xm9ml8vdlpbv3qbj7gbaa0g5k4dl7xp8wm7kmqwxd9l3m"; } +{ url = "${prefix}/crossreference_manpages.patch"; sha256 = "0kd12ck4s4bg414fmllgvq8n4b58i3kgdhmcx6riaz43gg2g2b9p"; } +{ url = "${prefix}/ext3_256byte_inode.patch"; sha256 = "0ay9svbdj7mw8p1ld0iiryg6nhd9hc1xpmr9rqg9990xzmg2h4pi"; } +{ url = "${prefix}/objcopy-absolute.patch"; sha256 = "0hkmicjli7bsmc56kr40ls21v6x3yd188xpwc08dvqxnb0763077"; } +{ url = "${prefix}/no-reorder-functions.patch"; sha256 = "0gmv0nzkqim2901hd0an90kwnr83155qp2zjp52biznad2p415gw"; } +{ url = "${prefix}/modern-automake.patch"; sha256 = "08l3y6cbk6gfj63kpqlpzrlain7nmvki7jjjxq86n7himj078znj"; } +{ url = "${prefix}/no-combine-stack-adjustments.patch"; sha256 = "0h4di8zja0rg45rs02x9qm8q1vxly1bcl6ms08wgdl5ywn6849nr"; } +{ url = "${prefix}/no-pie.patch"; sha256 = "0kshdsclza7lsd31apd28qq04arv42nd6wsj2v6q6jx7f8bgdaqw"; } +] diff --git a/pkgs/tools/misc/grub/grub1.patches.sh b/pkgs/tools/misc/grub/grub1.patches.sh new file mode 100755 index 00000000000..a7db25afb64 --- /dev/null +++ b/pkgs/tools/misc/grub/grub1.patches.sh @@ -0,0 +1,70 @@ +#!/usr/bin/env nix-shell +#!nix-shell -p nix -i bash --pure + +# Does like `maintainers/scripts/debian-patches.sh`, but specialized for +# grub1 patches, and using the new salsa service. + +# Most common usage: `pkgs/tools/misc/grub/grub1.patches.sh pkgs/tools/misc/grub/grub1.patches.nix` +# That is, after updating the script with the new list from the series file, +# removing (by commenting) patches as required. + +set -e +set -u + +# https://salsa.debian.org/grub-team/grub-legacy/tree/master/debian/patches +SERIES=( + snapshot.patch + menu.lst_gnu-hurd.patch + graphics.patch + raid.patch + raid_cciss.patch + xfs_freeze.patch + 2gb_limit.patch + grub-special_device_names.patch + grub-xvd_drives.patch + initrd_max_address.patch + splashimage_help.patch + grub-install_addsyncs.patch + grub-install_regexp.patch + grub-install_aoe_support.patch + grub-install_xvd.patch + geometry-26kernel.patch + print_func.patch + mprotect.patch + savedefault.patch + find-grub-dir.patch + intelmac.patch + crossreference_manpages.patch + ext3_256byte_inode.patch + # Breaks on NixOS. + #use_grub-probe_in_grub-install.patch + objcopy-absolute.patch + no-reorder-functions.patch + + # We aren't building amd64 binaries, see #244498 + #fix_amd64_compile.patch + modern-automake.patch + no-combine-stack-adjustments.patch + no-pie.patch +) + +# Revision mapping to current tip of the 0.97-73 branch. +rev="1dad5507d74ef97fdd3c6cf2a028084f6f2850c3" +prefix="https://salsa.debian.org/grub-team/grub-legacy/raw/${rev}/debian/patches" +FILE="$1" +shift + +cat <<EOF > "$FILE" +# Generated by grub1-patches.sh +let + prefix = "${prefix}"; +in +[ +EOF + +for PATCH in "${SERIES[@]}"; do + URL="$prefix/$PATCH" + HASH="$(nix-prefetch-url "$URL")" + echo "{ url = \"\${prefix}/$PATCH\"; sha256 = \"$HASH\"; }" >> "$FILE" +done +echo "]" >> "$FILE" diff --git a/pkgs/tools/misc/grub/pvgrub_image/configs/grub-bootstrap.cfg b/pkgs/tools/misc/grub/pvgrub_image/configs/grub-bootstrap.cfg new file mode 100644 index 00000000000..e9883149ab5 --- /dev/null +++ b/pkgs/tools/misc/grub/pvgrub_image/configs/grub-bootstrap.cfg @@ -0,0 +1 @@ +normal (memdisk)/grub.cfg diff --git a/pkgs/tools/misc/grub/pvgrub_image/configs/grub.cfg b/pkgs/tools/misc/grub/pvgrub_image/configs/grub.cfg new file mode 100644 index 00000000000..69115b7101c --- /dev/null +++ b/pkgs/tools/misc/grub/pvgrub_image/configs/grub.cfg @@ -0,0 +1,10 @@ +# The parentheses around ${root} here to match Grub's config file syntax +if search -s -f /boot/grub/grub.cfg ; then + echo "Reading (${root})/boot/grub/grub.cfg" + configfile /boot/grub/grub.cfg +fi + +if search -s -f /grub/grub.cfg ; then + echo "Reading (${root})/grub/grub.cfg" + configfile /grub/grub.cfg +fi diff --git a/pkgs/tools/misc/grub/pvgrub_image/default.nix b/pkgs/tools/misc/grub/pvgrub_image/default.nix new file mode 100644 index 00000000000..d6aba812405 --- /dev/null +++ b/pkgs/tools/misc/grub/pvgrub_image/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, grub2_xen }: + +with lib; +let + efiSystemsBuild = { + i686-linux.target = "i386"; + x86_64-linux.target = "x86_64"; + aarch64-linux.target = "aarch64"; + }; + +in ( + +stdenv.mkDerivation rec { + name = "pvgrub-image"; + + configs = ./configs; + + buildInputs = [ grub2_xen ]; + + buildCommand = '' + cp "${configs}"/* . + tar -cf memdisk.tar grub.cfg + # We include all modules except all_video.mod as otherwise grub will fail printing "no symbol table" + # if we include it. + grub-mkimage -O "${efiSystemsBuild.${stdenv.hostPlatform.system}.target}-xen" -c grub-bootstrap.cfg \ + -m memdisk.tar -o "grub-${efiSystemsBuild.${stdenv.hostPlatform.system}.target}-xen.bin" \ + $(ls "${grub2_xen}/lib/grub/${efiSystemsBuild.${stdenv.hostPlatform.system}.target}-xen/" |grep 'mod''$'|grep -v '^all_video\.mod''$') + mkdir -p "$out/lib/grub-xen" + cp "grub-${efiSystemsBuild.${stdenv.hostPlatform.system}.target}-xen.bin" $out/lib/grub-xen/ + ''; + + meta = with lib; { + description = "PvGrub image for use for booting PV Xen guests"; + + longDescription = + '' This package provides a PvGrub image for booting Para-Virtualized (PV) + Xen guests + ''; + + platforms = platforms.gnu ++ platforms.linux; + }; +}) diff --git a/pkgs/tools/misc/grub/symlink.patch b/pkgs/tools/misc/grub/symlink.patch new file mode 100644 index 00000000000..ac38be04618 --- /dev/null +++ b/pkgs/tools/misc/grub/symlink.patch @@ -0,0 +1,37 @@ +diff -rc grub-0.97-orig/util/grub-install.in grub-0.97/util/grub-install.in +*** grub-0.97-orig/util/grub-install.in 2008-09-18 11:32:13.000000000 +0200 +--- grub-0.97/util/grub-install.in 2008-09-18 11:36:40.000000000 +0200 +*************** +*** 194,217 **** + # Usage: resolve_symlink file + # Find the real file/device that file points at + resolve_symlink () { +! tmp_fname=$1 +! # Resolve symlinks +! while test -L $tmp_fname; do +! tmp_new_fname=`ls -al $tmp_fname | sed -n 's%.*-> \(.*\)%\1%p'` +! if test -z "$tmp_new_fname"; then +! echo "Unrecognized ls output" 2>&1 +! exit 1 +! fi +! +! # Convert relative symlinks +! case $tmp_new_fname in +! /*) tmp_fname="$tmp_new_fname" +! ;; +! *) tmp_fname="`echo $tmp_fname | sed 's%/[^/]*$%%'`/$tmp_new_fname" +! ;; +! esac +! done +! echo "$tmp_fname" + } + + # Usage: find_device file +--- 194,200 ---- + # Usage: resolve_symlink file + # Find the real file/device that file points at + resolve_symlink () { +! readlink -f $1 + } + + # Usage: find_device file diff --git a/pkgs/tools/misc/grub/trusted.nix b/pkgs/tools/misc/grub/trusted.nix new file mode 100644 index 00000000000..13f3c42faa4 --- /dev/null +++ b/pkgs/tools/misc/grub/trusted.nix @@ -0,0 +1,109 @@ +{ lib, stdenv, fetchurl, fetchgit, fetchpatch, autogen, flex, bison, python2, autoconf, automake +, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2 +, for_HP_laptop ? false +}: + +with lib; +let + pcSystems = { + i686-linux.target = "i386"; + x86_64-linux.target = "i386"; + }; + + inPCSystems = any (system: stdenv.hostPlatform.system == system) (mapAttrsToList (name: _: name) pcSystems); + + version = if for_HP_laptop then "1.2.1" else "1.2.0"; + + unifont_bdf = fetchurl { + url = "http://unifoundry.com/unifont-5.1.20080820.bdf.gz"; + sha256 = "0s0qfff6n6282q28nwwblp5x295zd6n71kl43xj40vgvdqxv0fxx"; + }; + + po_src = fetchurl { + name = "grub-2.02-beta2.tar.gz"; + url = "https://alpha.gnu.org/gnu/grub/grub-2.02~beta2.tar.gz"; + sha256 = "1lr9h3xcx0wwrnkxdnkfjwy08j7g7mdlmmbdip2db4zfgi69h0rm"; + + }; + +in + +stdenv.mkDerivation rec { + pname = "trustedGRUB2"; + inherit version; + + src = if for_HP_laptop + then fetchgit { + url = "https://github.com/Sirrix-AG/TrustedGRUB2"; + rev = "ab483d389bda3115ca0ae4202fd71f2e4a31ad41"; + sha256 = "1760d9hsnqkdvlag9nn8f613mqhnsxmidgvdkpmb37b0yi7p6lhz"; + } + else fetchgit { + url = "https://github.com/Sirrix-AG/TrustedGRUB2"; + rev = "1ff54a5fbe02ea01df5a7de59b1e0201e08d4f76"; + sha256 = "0yrfwx67gpg9gij5raq0cfbx3jj769lkg3diqgb7i9n86hgcdh4k"; + }; + + nativeBuildInputs = [ autogen flex bison python2 autoconf automake ]; + buildInputs = [ ncurses libusb-compat-0_1 freetype gettext lvm2 ] + ++ optional doCheck qemu; + + hardeningDisable = [ "stackprotector" "pic" ]; + + NIX_CFLAGS_COMPILE = "-Wno-error"; # generated code redefines yyfree + + preConfigure = + '' for i in "tests/util/"*.in + do + sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g' + done + + # Apparently, the QEMU executable is no longer called + # `qemu-system-i386', even on i386. + # + # In addition, use `-nodefaults' to avoid errors like: + # + # chardev: opening backend "stdio" failed + # qemu: could not open serial device 'stdio': Invalid argument + # + # See <http://www.mail-archive.com/qemu-devel@nongnu.org/msg22775.html>. + sed -i "tests/util/grub-shell.in" \ + -e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g' + ''; + + prePatch = + '' tar zxf ${po_src} grub-2.02~beta2/po + rm -rf po + mv grub-2.02~beta2/po po + sh autogen.sh + gunzip < "${unifont_bdf}" > "unifont.bdf" + sed -i "configure" \ + -e "s|/usr/src/unifont.bdf|$PWD/unifont.bdf|g" + ''; + + patches = [ + ./fix-bash-completion.patch + (fetchpatch { + # glibc-2.26 and above needs '<sys/sysmacros.h>' + url = "https://github.com/Rohde-Schwarz/TrustedGRUB2/commit/7a5b301e3adb8e054288518a325135a1883c1c6c.patch"; + sha256 = "1jfrrmcrd9a8w7n419kszxgbpshx7888wc05smg5q4jvc1ag3xm7"; + }) + ]; + + # save target that grub is compiled for + grubTarget = if inPCSystems + then "${pcSystems.${stdenv.hostPlatform.system}.target}-pc" + else ""; + + doCheck = false; + # On -j16 races with early header creation: + # config.h:38:10: fatal error: ./config-util.h: No such file or directory + enableParallelBuilding = false; + + meta = with lib; { + description = "GRUB 2.0 extended with TCG (TPM) support for integrity measured boot process (trusted boot)"; + homepage = "https://github.com/Sirrix-AG/TrustedGRUB2"; + license = licenses.gpl3Plus; + platforms = platforms.gnu ++ platforms.linux; + }; +} |